This is a special situation but can be solved via another but more complex Advanced Correlation Scenario.


Goals

  • allow all users to use YouTube connections outside the office hours
  • restrict new YouTube connections within the business hours:
    • allow new streams for 5 minutes
    • afterwards block new YouTube connections for 1 hour


To achieve this, we need:

  • 2 Dynamic Network Objects: a 5 minutes list and 1 hour list
  • 6 rules which handles the traffic and the clients lists (5 minute & 1 hour list).


Attention: This scenario is not able do STOP any ongoing YouTube streams!


Create the Advanced Correlation Scenario

At first we need the Scenario container for the rules - push ADD and enter a name like "Allow YT for 5 min per hour"




Create the required Dynamic Network Objects

The 5 Minutes List

This DNO will store up to 1.000 clients for 5 minutes (= 300 sec.)

Push ADD and enter the name of the list, e.g. "YT 5 min List"




The 10 Min List

The second list (DNO) will store up to 1.000 clients for 1 hour (60 x 60 sec. = 3.600 sec.)

Push ADD and enter "YT 10 min List"




As result we can used these DNO:



Now we are prepared to create the rules.


Creating the rules

Rule 1 for all traffic except YouTube


Push ADD and enter a name like "Allow all traffic except YouTube"



Because we wanna ensure that YouTube connections only are handled by this rule we allow all others (for this scenario!)

So, we the the rule to exclude YouTube via  Classification  condition:



All matching connections shall be allowed, no further checks by this scenario:



Rule 2 - Allow Members of the 5 min. List

This rule allows YouTube access during the office ours for clients which are already members of the 5 min list.


Push ADD and enter a name like "Allow members on 5 min list":


Conditions are the office hours, the 5 min list and YouTube content:



And the  Final Action  will be set to Allow:



Rule 3 - Reject Members of the 10 min. List

If a client already used YouTube within the past 1 hour he is not allowed to request new YouTube content. He needs to be rejected.


Push ADD and enter a name like "Reject members of 10min list":


We're setting the proper  Schedule ,  Source  and  Condition :



Finally we will reject the traffic & no other conditions of this "Allow YT for 5 min per hour" Scenario:



Rule 4 - Add Client to the 5 min. list

If the user started a new YouTube connection but was neither on the 5 min list nor on the 1 hour list, we must take care of him.

So, let's add the client to the 5 min list.


Push ADD and name this rule "Add client to 5 min list":


If the connection was recognised as YouTube connection within the office hours:


the client will be added to our 5 min list:


After saving this rule the client can be added to the 5 min list ...


Rule 5 - Add Client to the 1 hr. list

... but needs to be added to the 1hr list as well using the same procedure


Push ADD again, name this rule "Add client to 10 min list" & set the conditions and action:


Rule 6 - Allow YouTube Traffic

If a client will reach this final rule he:

  • was not using YouTube within the passed 1 hour
  • is within the business hours
  • is new on the 5 min list
  • is new on the 10 min list as well

Now he shall be allowed to use YouTube, thats quite easy:



Summary

If everything was setup as described, the Advanced Correlation Scenario for YouTube usage will look like this: